dockerfile: Create a dedicated syncthing user (#5072)

A dedicated user is necessary to create relative references via
~/<folder> or $HOME/<folder>. Having the syncthing process just run
under an unprivileged UID/GID removes the home folder relation and
therefore results in nonexistent shares after an update.

Signed-off-by: Benedikt Heine <bebe@bebehei.de>
Benedikt Heine 2018-07-20 15:45:40 +02:00 committed by Jakob Borg
parent 3d8344003e
commit 3102e36a45


@ -21,11 +21,30 @@ COPY --from=builder /go/src/github.com/syncthing/syncthing/syncthing /bin/syncth
RUN apk add --no-cache su-exec RUN apk add --no-cache su-exec
ENV STNOUPGRADE=1 ENV STNOUPGRADE=1
ENV PUSR=syncthing
ENV PUID=1000 ENV PUID=1000
ENV PGRP=syncthing
ENV PGID=1000 ENV PGID=1000
HEALTHCHECK --interval=1m --timeout=10s \ HEALTHCHECK --interval=1m --timeout=10s \
CMD nc -z localhost 8384 || exit 1 CMD nc -z localhost 8384 || exit 1
ENTRYPOINT chown $PUID:$PGID /var/syncthing \ ENTRYPOINT true \
&& su-exec $PUID:$PGID /bin/syncthing -home /var/syncthing/config -gui-address 0.0.0.0:8384 && ( getent group "${PGRP}" >/dev/null \
|| addgroup \
-g "${PGID}" \
"${PGRP}" \
) \
&& ( getent passwd "${PUSR}" >/dev/null \
|| adduser \
-h /var/syncthing \
-G "${PGRP}" \
-u "${PUID}" \
"${PUSR}" \
) \
&& chown "${PUSR}:${PGRP}" /var/syncthing \
&& su-exec "${PUSR}:${PGRP}" \
/bin/syncthing \
-home /var/syncthing/config \
-gui-address 0.0.0.0:8384 \
&& true
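Review bot: The new ENTRYPOINT decides whether to create the account by name only (`getent passwd "${PUSR}"`, `getent group "${PGRP}"`), so when that name already exists (a restarted container whose PUID was changed, or PUSR set to a name the image already has, such as root) PUID/PGID are silently ignored and syncthing runs under whatever IDs the existing entry carries. I would add a check after the adduser group, e.g. `&& [ "$(id -u "${PUSR}")" = "${PUID}" ] \`, so a mismatch stops the container instead of starting it under an identity the operator did not configure. Separately, busybox `adduser` without `-D` tries to set a password, which likely fails or blocks when no TTY is attached; this is worth confirming, and adding `-D` if so. The trailing `&& true` also appears to keep `/bin/sh` as PID 1 in front of syncthing, so the SIGTERM from `docker stop` may never reach it; ending the chain with `exec su-exec "${PUSR}:${PGRP}" /bin/syncthing ...` and dropping `&& true` would avoid that.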